Jason Maynard, a Consulting Systems Engineer in Cybersecurity for Cisco Systems, discusses the challenges of maintaining cybersecurity in a rapidly evolving hybrid work environment. He sheds light on the common threats businesses face due to poor cybersecurity habits, shares best practices for organizations to protect their employees, and highlights the importance of communication and education. Jason also discusses the latest trends in cybersecurity and the crucial role of technology in enhancing cybersecurity resilience. He ends with key advice for businesses looking to bolster their defenses against escalating cyber threats.
Jason has been architecting, designing, and deploying security technologies that secure the most complex computing environments for almost 2 decades. His understanding of operational and informational technologies, people, and processes enables him to deliver effective, comprehensive security solutions that align to an organization’s security goals and strategic imperatives. Jason is adept at addressing a range of risk profiles across multiple industry verticals, skills he has cultivated as an end-user security practitioner, partner/integrator, and now manufacturer as the Field CTO, focused on Cybersecurity for Cisco Systems. Jason is also active in the direct community speaking at BC Aware, Privacy and Security Conference, Cisco Live, and has delivered multiple sessions at BSides. Jason also holds over 75 designations across a variety of products and technologies including the CCIE designation.
Can you tell us more about the recent survey conducted by Cisco on Canadian hybrid workers’ cybersecurity habits? What were some of the most concerning findings from the survey?
The move to a hybrid world has changed the cybersecurity landscape for Canadian organizations as they navigate evolving threats. Cisco’s Consumer Security survey revealed that while more Canadians are embracing hybrid work – working from multiple devices across multiple locations – they are not taking appropriate precautions to protect themselves and their organization from cyberthreats.
Half (54%) of respondents worry about their connected devices being hacked/attacked, but only 12% said they last changed their private Wi-Fi password one year ago, while 13% have never changed their private Wi-Fi password. These networks are now the vehicles to the corporate environment.
They’re also frequently working from personal devices – 63% write/send work emails on their personal devices and almost half (47%) use personal devices to read articles/complete research for a work task. Without the right security precautions on their personal devices, employees are unwittingly putting themselves and their organizations at greater risk.
What are some of the most common cybersecurity risks that businesses face due to employees’ poor cybersecurity habits?
Phishing attacks and malware attacks are two of the most common cyber-attacks that businesses face.
When employees use personal devices for work tasks, access public Wi-Fi, and do not learn about cyber safety from credible sources, they are making themselves especially vulnerable to these kinds of attacks. But organizations are also culpable and if they do not educate their employees on appropriate cyber safety practices, or implement the right technology or platforms, then they aren’t taking accountability to close their cybersecurity gaps and maintain resilience against threats.
What are some best practices that businesses can implement to better protect their workers and their organization from cybersecurity threats?
Hybrid work has created huge opportunities for employers and employees. However, it has also meant that people are working on multiple devices from different locations, leading to new challenges for IT teams to keep their employees connected everywhere, while limiting security risks.
This means we need to think differently about security because siloed security strategies don’t work anymore. Organizations should focus on security resilience – prioritizing and anticipating threats so that they can bounce back faster when a threat becomes real.
At Cisco, we see four challenges to security resilience faced by organizations: unsecure connections; compromised credentials; limited/no visibility or control from the internet to the endpoint; and a shortage of resources or time.
While each security event gives teams an opportunity to learn, adapt and build resilience for the future, there are best practices to help address these challenges:
- Verify the identity of every user regardless of how they connect – stepping up or down authentication based on where people connect and qualifying the health of the device they are using.
- Ensure the connection is secure regardless of the device (registered or unregistered) used by an employee.
- Increase visibility with a platform-based security approach that provides detection, prevention and response capabilities across the entire ecosystem while removing complexity.
- Improve the ability to orchestrate and automate a response to free up time and resources. Allocate these critical resources elsewhere to drive better value for business.
How can businesses effectively communicate the importance of cybersecurity to their employees?
Education is one of the most important tools we have against cyber threats, and organizations have a responsibility to communicate the importance of cybersecurity to employees and provide the resources and knowledge they need to defend themselves. If employees know what to look out for, they can avoid some of the most common cybersecurity mistakes and help protect themselves and their organization.
However, Canadians aren’t drawing their cybersecurity information from credible sources or actively seeking these trusted sources. When asked where they seek advice about online and device security behavior, the answers were stacked predominantly towards asking friends and family (42%) or just using common sense (40%).
Businesses should create a cybersecurity communications policy if they want certain behaviours adopted. These include clearly introducing – without buzz words – corporate security policies, requiring employees to take courses on security awareness and regularly providing security updates via email, such as tips and best practices. Make learning fun with a rewards program and digital badges highlighting advancements.
What are some of the latest cybersecurity trends and threats that businesses should be aware of? How can businesses ensure that their remote workers have access to secure and reliable networks and devices?
One of the most worrying trends we’re seeing is that cyber-attacks in Canada are on the rise. Cisco’s Cybersecurity Readiness Index found that 77% of Canadian companies expect a cybersecurity incident to disrupt their business in the next year or two. The cost of being unprepared is substantial: 51% said they had a cybersecurity incident in the last year and 34% of those affected said it cost at least US $500,000.
At the same time, more companies are acting to prioritize security with 78% saying they plan to increase cybersecurity budgets by at least 10% over the next year.
With more employees working in remote and hybrid environments, the threat landscape has expanded. Adopting simple tools like Multifactor Authentication, DNS, web, email, and endpoint protections can make a meaningful difference in protecting employees.
What role do you see technology playing in improving cybersecurity for hybrid workers?
In recent years, work culture has accelerated faster than the technology deployed to protect employees. Businesses need to keep up, because the right technology is critical to allow employees to work from anywhere safely and securely. Organizations need to consider integrated platforms to achieve security resilience while reducing complexity. If organizations can close these security gaps, their odds of identifying, responding to and remediating a threat or attack will greatly improve.
Finally, what advice would you give to businesses who are looking to enhance their cybersecurity posture and protect their employees from cybersecurity threats?
Enhancing cybersecurity posture and protecting your organization from cyber threats is mission critical. Organizations need to build security resilience – focusing on what matters most and anticipating what is forthcoming so that they can bounce back faster when a threat becomes real. With the consequences of cyberattacks so clear, readiness and resilience must be prioritized and deployment of solutions should be accelerated.
Hybrid work adds complexity to our defensive posture which is a target for adversaries. Organizations should identify and address their security gaps to advance their defensive posture and elevate their capabilities to match those of the adversary. That said, with a little work, we can make it very difficult for the ones targeting us.